Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?

2021-10-25 18:37

The general aim behind cyberinsurance is that it is insurance that covers things like IT incidents - in particular, things like security incidents.

The flip side of that is that cyberinsurance companies - and I know this from talking to someone who works for a cyberinsurance company - they don't like paying those ransoms any more than any company does.

PD. I guess the good side of that is it means that cyberinsurance won't end up being that "Thing where you put your money", instead of investing in actual cybersecurity that could prevent attacks in the first place.

A bit of research that I co-led, funded by the National Cyber Security Center in the UK, was trying to explore the reality of how the cyberinsurance fits with the broader question of cybersecurity.

I think the answer to your question, Paul, is grounded in the fact that cyberinsurance is a part of cybersecurity risk management, and companies should never view cyberinsurance as "This thing that you buy so you can forget about cyber security."

Collectively, nobody really has that with cyberinsurance and cybersecurity because: [A] it's so new, and [B] it is so volatile, because the cooks find it, sadly, rather easy to adapt their attacks as we put up new defenses.

News URL

https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-cyberinsurance/

#cyberinsurance #cybersecurity